On Tue, 2020-06-09 at 16:33 -0400, Paul Wouters wrote:
> On Tue, 9 Jun 2020, Robin Geuze wrote:
>
> > So lets start at the beginning, why do we want to encrypt the communication
> > between then resolvers and the authoritatives in the first place. There are
> > two main reasons for encrypting
On Tue, 9 Jun 2020, Robin Geuze wrote:
So lets start at the beginning, why do we want to encrypt the communication
between then resolvers and the authoritatives in the first place. There are
two main reasons for encrypting things. One is authentication.
I disagree. Setting up a TLS
On Tue, Jun 9, 2020 at 1:26 PM Peter van Dijk
wrote:
> Hi Shumon,
>
> On Tue, 2020-06-09 at 12:37 -0400, Shumon Huque wrote:
>
> I think TLSA in the child zone could be made to work though, so I think
> it's
> still worth thinking about some more. Here's my suggestion:
>
> Place the TLSA record
Hi Shumon,
On Tue, 2020-06-09 at 12:37 -0400, Shumon Huque wrote:
> I think TLSA in the child zone could be made to work though, so I think it's
> still worth thinking about some more. Here's my suggestion:
>
> Place the TLSA record at the zone name, i.e. at the apex of the child zone,
>
On Tue, Jun 9, 2020 at 11:49 AM Robin Geuze wrote:
[...]
> So we are back to ideally signaling something via the parent. The only
> way to do this securely and without registries having to make large
> changes would be to use the DS record. The simplest way to accomplish
> this would be to just
Hello Paul,
I wanted to take a step back and explain the reasoning behind this
implementation and why we didn't pick a different implementation.
So lets start at the beginning, why do we want to encrypt the
communication between then resolvers and the authoritatives in the first
place.